- Annual assessments and significant changes: All “in flight” annual assessments and significant changes should continue per the normal schedule. The transition will include a handoff of review and approval responsibility to the designated lead agency, agencies, or FedRAMP based on the existing annual assessment schedule or significant change timeline on a case by case basis.
- Deviation requests: Cloud service offerings should continue to submit deviation requests. Deviation requests are documented in the POA&M and Deviation Request Form. Review and approval of deviation requests will be the responsibility of designated lead agencies (or FedRAMP for program authorizations). In the case that a CSO is part of a formalized multi-agency ConMon, the specific responsibility for adjudicating deviation requests will be defined as part of that Charter.
- The existing Deviation Request process is currently being reworked.
Comments
0 comments
Please sign in to leave a comment.